IAPP Exam CIPT Topic 6 Question 95 Discussion

Actual exam question for IAPP's CIPT exam

Question #: 95
Topic #: 6

[All CIPT Questions]

An organization has recently experienced a data breach where large amounts of personal data were compromised. As part of a post-incident review, the privacy technologist wants to analyze available data to understand what vulnerabilities may have contributed to the incident occurring. He learns that a key vulnerability had been flagged by the system but that detective controls were not operating effectively. Which type of web application security risk does this finding most likely point to?

AInsecure Design.

BMisconfiguration.

CVulnerable and Outdated Components.

DLogging and Monitoring Failures.

Show Suggested Answer

Suggested Answer: A

Having default settings for information sharing and consent can be problematic because it may not accurately reflect a user's preferences. Users may not be aware of these default settings or may not understand their implications. This could result in personal information being shared without the user's explicit consent.

by Lavina at Sep 17, 2024, 09:09 PM

Limited Time Offer

25%

Off

Get Premium CIPT Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Harris

22 hours ago

I believe the answer might also be B) Misconfiguration. If the system flagged a key vulnerability but it wasn't fixed, it could be due to misconfiguration.

upvoted 0 times

...

Giuseppe

3 days ago

I agree with Odelia. If the detective controls were not operating effectively, then it's likely a logging and monitoring issue.

upvoted 0 times

...

Odelia

10 days ago

I think the answer is D) Logging and Monitoring Failures.

upvoted 0 times

...